Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles

Getting Events from Network Devices

What protocol does LEM use to get logs from routers, switches, and other network devices?


Re: Not able to add Cisco IPS node on LEM

I saw an issue: when I connect the IPS with IPS Manager, after applying credentials on IPS Manager it prompts me to accept a certificate that was generated by the IPS. Is there any way to accept IPS certificate...


Re: Getting Events from Network Devices

Hi Cassandra, Typically speaking, LEM receives logs from network devices via syslog on Port 514, using TCP/UDP. If you need advice on how to configure a particular device/LEM connector let me know.


Server Disk C monitoring - Alert

What is the best and easiest way to set up a rule to get an alert on any server disk C used up to 75%? I do have it set up for LEM appliance with heartbeat but not sure how to get all our servers...


Re: Server Disk C monitoring - Alert

I do ours like this: For your case, you would want to build a servers group and apply it to that.


Re: Server Disk C monitoring - Alert

The thing to keep in mind is that the Windows event ID that LEM is looking for for disk space alerts is set up at the operating system level, the default being at 10% free space remaining. To change the...


Re: Not able to add Cisco IPS node on LEM

It appears this is an issue with the 7.0 IPS software. It also appears that Cisco is at least up to 7.3 as of 2015. Release Notes for Cisco Intrusion Prevention System 7.3(2)E4 - Cisco. Can you update...


LEM nodes don't delete

Recently updated our LEM to 6.2.1. We are seeing nodes that have been retired, but still on the network. We delete them but they magically return. Anyone know how to fix this behavior? Thanks, Ken T.


LEM Not On DHS CDM Product Catalog List! Why Not?

I work for a federal agency, and we are being directed to utilize tools off of the new Homeland Security Continuous Diagnostics & Mitigation (CDM) product catalog, and while I see SolarWinds NCM...


Re: LEM nodes don't delete

Are these Agent or syslog nodes? If Agents, that suggests they're still on and trying to connect somewhere. If syslog, has something else claimed the same IP and sent logs to LEM? If you search for the...


Re: LEM Not On DHS CDM Product Catalog List! Why Not?

I know that 6.3 (currently in RC) is supposed to address some shortcomings in LEM that may impact NIST compliance, especially as it relates to CAC requirements. It may be that they haven't...


Re: LEM Not On DHS CDM Product Catalog List! Why Not?

Thanks curtsi. I've used Splunk (and the rest of them) and LEM is by and large a dominant product, so it has every reason to be on that list. If you need any additional documentation on the specs and...


LEM Hardening

Dear All, we are running LEM 6.2.1 in our environment. The IS team has run the internal vulnerability scanner, in which we have found many vulnerabilities in the LEM VM. Can anyone guide us how to fix that...


Does not equal filtering question

I want to see all the executables run in the user's home directory. I can see that information with the ProcessStart.ExtraneousInfo *C:\Users* but when I try to filter out all of the usual executables...


Re: LEM Not On DHS CDM Product Catalog List! Why Not?

Good news! We did get LEM on the CDM product guide during the last phase. Please see page 20 of the approved list, item 233:...


Re: LEM Hardening

The LEM is an appliance, so there's no maintenance to do. However, 6.3 (currently in RC) does address a lot of the new vulnerabilities.


Re: Does not equal filtering question

While it seems like your logic should work, I was able to reproduce this in my environment. To get it to work, move all of the not equals statements into a separate group as such: Logically, you...


Re: Does not equal filtering question

That seems to have worked... odd but working. Thanks buddy!


Unable to get E-Mails. How can I temporarily get the notifications from a Rule?

We are going through an e-mail migration and some issues have arisen with the e-mails coming from the SolarWinds LEM product. I was just wondering if there is another way I can get that...


ndepth query

New to SW LEM and trying to figure out a way to drill into a file server from a few weeks ago. I'm trying to use nDepth from the console and pick criteria correctly. Is there a max of how far back I can...
